If you are a blogger then there is a pretty good chance that you use the most popular platform – WordPress. If so, you are hopefully aware that the software is updated on a regular basis, both to improve functionality and, also, to fix potential security issues.
Well, today, the latest release has been put out. WordPress 3.5.2 fixes 12 maintenance issues but, far more pressing, are the 7 security fixes. For this reason you should upgrade your WordPress installation immediately. you may also want to check that all your plugins are up to date too.
The 7 security fixes cover the following issues –
- Server-side request forgery attacks that could provide attackers with access to the site.
- Contributors can no longer publish posts improperly.
- The SWFUpload library has been updated that fixes several cross-site scripting vulnerabilities.
- Blocking denial of service attacks against sites that use password protected posts.
- An update to TinyMCE fixing a cross-site scripting vulnerability.
- Multiple cross-site scripting vulnerability fixes.
- Full path not disclosed when uploads fail.
Upgrading to the latest version of WordPress is simple – just look out for the yellow bar at the top of your dashboard in the admin area of your blog and follow the simple instructions.
Whilst I have never had an issue with an automatic update of WordPress it would still be advisable to run a backup before running the upgrade.